How Secure Is My Electronic Passport?

If you obtained a passport in the last few years, then you are a bearer
of an electronic passport or e-passport. It features an embedded
microchip technology that is used to verify your identity. The chip
contains your unique biometrics, the data from your passport data page,
the microchip identification number, and a digital signature that
verifies the authenticity of the chip's data. It is designed to be read
by special e-passport chip readers.

The whole point of the electronic passport
is increased security. The United States mandates that all countries
participating in the U.S. Visa Waiver Program must issue passports with
biometrics for use with facial recognition technologies. Anyone
entering the United States under the Visa Waiver Program must present
an e-passport in compliance with enhanced U.S. border security efforts.

Therefore, the U.S. State Department has been issuing U.S. electronic
passports to its citizens since 2007 in an effort to reciprocate and
comply with international secure travel standards. In fact, the
e-passport has quickly become the world standard for secure travel
documents. For U.S. e-passports, the embedded microchip is on the back cover of the passport book.

Some travelers are concerned with security and privacy issues of
e-passports; they fear that the technology is vulnerable to
unauthorized use. Eavesdropping on communications between the chip and
reader, skimming sensitive personal data, tracking the passport
holder's movements, and cloning the chip from the e-passport are the
biggest concerns. The U.S. State Department assures travelers that
measures have been taken in both e-passport design and use to deter
these criminal activities.

The U.S. State Department reduces the risk of skimming and
eavesdropping with the use of Basic Access Control (BAC) that denies
access to the chip's contents unless the reader proves it has
authorized access. The chip also has a randomized Unique Identifier
(UID) to help prevent the passport holder from being tracked. Since
cloning means the chip is removed from the passport and replaced with a
different one, the recourse is matching the chip data with the passport
data page. U.S. e-passports also use Public Key Infrastructure (PKI)
technology to keep the data on the chip from being unlawfully altered.

There are some things you can do to enhance the security
measures for your own e-passport. The first thing an e-passport holder
should do is purchase an RFID blocking case or wallet
for the passport. They are specifically designed to secure RFID-enabled
passport cards and passport books to protect them from data
skimming and hacking. As long as the e-passport is inside the case, it
cannot be read remotely.

Always keep your passport on your person, do not put it in stowed
baggage or in overhead transit compartments. Keep it locked in your
hotel's safe and only carry a color photocopy with you while you are
out and about, and never exchange your passport as security for renting
cars, recreational vehicles, or other expensive items.